350-701 Free Practice Test

- (Exam Topic 3)
An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

1. A. Virtual routing and forwarding
2. B. Microsegmentation
3. C. Access control policy
4. D. Virtual LAN

Correct Answer: C
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location.The Zero Trust model uses microsegmentation — a security technique that involves dividing perimeters into small zones to maintain separate access to every part of the network — to contain attacks.

- (Exam Topic 3)
An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services They want to use this information for behavior analytics and statistics Which two actions must be taken to implement this requirement? (Choose two.)

1. A. Configure Cisco ACI to ingest AWS information.
2. B. Configure Cisco Thousand Eyes to ingest AWS information.
3. C. Send syslog from AWS to Cisco Stealthwatch Cloud.
4. D. Send VPC Flow Logs to Cisco Stealthwatch Cloud.
5. E. Configure Cisco Stealthwatch Cloud to ingest AWS information

Correct Answer: BE

- (Exam Topic 3)
Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?

1. A. Integration
2. B. Intent
3. C. Event
4. D. Multivendor

Correct Answer: B

- (Exam Topic 2)
A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?

1. A. map SNMPv3 users to SNMP views
2. B. set the password to be used for SNMPv3 authentication
3. C. define the encryption algorithm to be used by SNMPv3
4. D. specify the UDP port used by SNMP

Correct Answer: B

- (Exam Topic 2)
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

1. A. Configure the Cisco ESA to drop the malicious emails
2. B. Configure policies to quarantine malicious emails
3. C. Configure policies to stop and reject communication
4. D. Configure the Cisco ESA to reset the TCP connection

Correct Answer: D